RubyGems validates versions with a regular expression that is
vulnerable to denial of service due to backtracking. For specially
crafted RubyGems versions attackers can cause denial of service
through CPU consumption.

The patch for CVE-2013-4363 was insufficiently verified so the
combined regular expression for verifying gem version remains
vulnerable following CVE-2013-4363.

RubyGems validates versions with a regular expression that is
vulnerable to denial of service due to backtracking. For specially
crafted RubyGems versions attackers can cause denial of service
through CPU consumption.